Posted to java-commits@axis.apache.org by th...@apache.org on 2011/02/23 15:00:54 UTC
svn commit: r1073747 - in /axis/axis2/java/rampart/branches/1_6/modules:
rampart-core/src/main/java/org/apache/rampart/
rampart-core/src/main/java/org/apache/rampart/handler/
rampart-core/src/main/java/org/apache/rampart/policy/ rampart-integration/
ra...
Author: thilinamb
Date: Wed Feb 23 14:00:54 2011
New Revision: 1073747
URL: http://svn.apache.org/viewvc?rev=1073747&view=rev
Log:
Applying the patch provided by AmilaJ for RAMPART-299.
Modified:
axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSSHandlerConstants.java
axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/pom.xml
axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
axis/axis2/java/rampart/branches/1_6/modules/rampart-trust-mar/module.xml
axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java
Modified: axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java?rev=1073747&r1=1073746&r2=1073747&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java (original)
+++ axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java Wed Feb 23 14:00:54 2011
@@ -26,6 +26,7 @@ import org.apache.axis2.context.Operatio
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.neethi.Assertion;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.neethi.PolicyComponent;
@@ -40,6 +41,8 @@ import org.apache.rampart.policy.Rampart
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.rampart.util.Axis2Util;
import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
import org.apache.ws.secpolicy.WSSPolicyException;
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSConstants;
@@ -56,10 +59,7 @@ import org.apache.ws.security.util.WSSec
import org.opensaml.SAMLAssertion;
import org.w3c.dom.Document;
-import java.util.Date;
-import java.util.List;
-import java.util.Vector;
-import java.util.ArrayList;
+import java.util.*;
public class RampartMessageData {
@@ -135,9 +135,9 @@ public class RampartMessageData {
* RahasConstants.VERSION_05_12
*/
- private int wstVersion = RahasConstants.VERSION_05_02;
+ private int wstVersion = RahasConstants.VERSION_05_12;
- private int secConvVersion = ConversationConstants.DEFAULT_VERSION;
+ private int secConvVersion = ConversationConstants.VERSION_05_12;
/*
* IssuedTokens or SecurityContextTokens can be used
@@ -166,16 +166,6 @@ public class RampartMessageData {
this.msgContext = msgCtx;
try {
-
- //Extract known properties from the msgCtx
-
- if(msgCtx.getProperty(KEY_WST_VERSION) != null) {
- this.wstVersion = TrustUtil.getWSTVersion((String)msgCtx.getProperty(KEY_WST_VERSION));
- }
-
- if(msgCtx.getProperty(KEY_WSSC_VERSION) != null) {
- this.secConvVersion = TrustUtil.getWSTVersion((String)msgCtx.getProperty(KEY_WSSC_VERSION));
- }
// First obtain the axis service as we have to do a null check, there can be situations
// where Axis Service is null
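Review bot: Callers that set KEY_WST_VERSION or KEY_WSSC_VERSION on the message context are now ignored without any signal, because the block that read those properties is removed here and the field defaults in the previous hunk move to VERSION_05_12. If the two constants are still declared (not visible in this diff), they should be marked deprecated, or their presence logged, so an integrator notices that the override no longer applies. A comment at this spot would also help, for example `// WS-Trust and WS-SecConv versions are derived from the policy namespace; KEY_WST_VERSION / KEY_WSSC_VERSION are no longer consulted`. The constructor body continues outside the hunk.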
@@ -193,12 +183,12 @@ public class RampartMessageData {
msgCtx.getAxisService().addParameter(clientSideParam);
}
}
-
+
if(msgCtx.getProperty(KEY_RAMPART_POLICY) != null) {
this.servicePolicy = (Policy)msgCtx.getProperty(KEY_RAMPART_POLICY);
}
-
-
+
+
// Checking which flow we are in
int flow = msgCtx.getFLOW();
@@ -262,8 +252,11 @@ public class RampartMessageData {
//Process policy and build policy data
this.policyData = RampartPolicyBuilder.build(it);
+
+ //Set the version
+ setWSSecurityVersions(this.policyData.getWebServiceSecurityPolicyNS());
}
-
+
if(this.policyData != null) {
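Review bot: The new call `setWSSecurityVersions(this.policyData.getWebServiceSecurityPolicyNS())` throws when the namespace is null, and RampartPolicyBuilder only records a namespace when it meets a Binding or a SupportingToken assertion. A policy alternative that contains neither would therefore be rejected with "Security policy namespace cannot be null." where it was previously accepted. If rejecting such policies is intended, say so in the comment above the call; otherwise keep the field defaults for that case, e.g. `String ns = this.policyData.getWebServiceSecurityPolicyNS();` followed by `if (ns != null) { setWSSecurityVersions(ns); }`. The enclosing block starts and ends outside the hunk.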
@@ -274,7 +267,7 @@ public class RampartMessageData {
msgCtx.setEnvelope((SOAPEnvelope)this.document.getDocumentElement());
this.soapConstants = WSSecurityUtil.getSOAPConstants(this.document.getDocumentElement());
-
+
// Update the Rampart Config if RampartConfigCallbackHandler is present in the
// RampartConfig
@@ -286,34 +279,15 @@ public class RampartMessageData {
}
//Check for RST and RSTR for an SCT
- if((WSSHandlerConstants.RST_ACTON_SCT.equals(msgContext.getWSAAction())
- || WSSHandlerConstants.RSTR_ACTON_SCT.equals(msgContext.getWSAAction())) &&
- this.policyData.getIssuerPolicy() != null) {
-
- this.servicePolicy = this.policyData.getIssuerPolicy();
-
- RampartConfig rampartConfig = policyData.getRampartConfig();
- if(rampartConfig != null) {
- /*
- * Copy crypto info into the new issuer policy
- */
- RampartConfig rc = new RampartConfig();
- rc.setEncrCryptoConfig(rampartConfig.getEncrCryptoConfig());
- rc.setSigCryptoConfig(rampartConfig.getSigCryptoConfig());
- rc.setDecCryptoConfig(rampartConfig.getDecCryptoConfig());
- rc.setUser(rampartConfig.getUser());
- rc.setUserCertAlias(rc.getUserCertAlias());
- rc.setEncryptionUser(rampartConfig.getEncryptionUser());
- rc.setPwCbClass(rampartConfig.getPwCbClass());
- rc.setSSLConfig(rampartConfig.getSSLConfig());
-
- this.servicePolicy.addAssertion(rc);
- }
-
- List it = (List)this.servicePolicy.getAlternatives().next();
-
- //Process policy and build policy data
- this.policyData = RampartPolicyBuilder.build(it);
+ String wsaAction = msgContext.getWSAAction();
+ if(WSSHandlerConstants.RST_ACTON_SCT.equals(wsaAction)
+ || WSSHandlerConstants.RSTR_ACTON_SCT.equals(wsaAction)) {
+ //submissive version
+ setTrustParameters();
+ }else if(WSSHandlerConstants.RST_ACTON_SCT_STANDARD.equals(wsaAction)
+ || WSSHandlerConstants.RSTR_ACTON_SCT_STANDARD.equals(wsaAction)) {
+ //standard policy spec 1.2
+ setTrustParameters();
}
}
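Review bot: Both branches of the new `if`/`else if` call `setTrustParameters()` with no other difference, so distinguishing the 2005/02 action URIs from the 200512 ones has no effect here. Either fold the four comparisons into one condition, or, if the action is meant to select the WS-Trust version, set it in each branch. As written, `wstVersion` and `secConvVersion` stay at whatever the service policy namespace produced, even after `setTrustParameters()` replaces `policyData` with the issuer policy's data. The comment `//submissive version` would read more clearly as `// WS-Trust 2005/02 (submission) action`.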
@@ -379,8 +353,6 @@ public class RampartMessageData {
secHeader.insertSecurityHeader(this.document);
}
- } catch (TrustException e) {
- throw new RampartException("errorInExtractingMsgProps", e);
} catch (AxisFault e) {
throw new RampartException("errorInExtractingMsgProps", e);
} catch (WSSPolicyException e) {
@@ -391,6 +363,61 @@ public class RampartMessageData {
}
+ private void setWSSecurityVersions(String namespace) throws RampartException {
+
+ if (namespace == null || namespace.equals("")) {
+ throw new RampartException("Security policy namespace cannot be null.");
+ }
+
+ if (SP11Constants.SP_NS.equals(namespace)) {
+ this.wstVersion = RahasConstants.VERSION_05_02;
+ this.secConvVersion = ConversationConstants.VERSION_05_02;
+ } else if (SP12Constants.SP_NS.equals(namespace)) {
+ this.wstVersion = RahasConstants.VERSION_05_12;
+ this.secConvVersion = ConversationConstants.VERSION_05_12;
+ } else {
+ throw new RampartException("Invalid namespace received, " + namespace);
+ }
+
+ }
+
+ private void setTrustParameters() throws RampartException {
+
+ if (this.policyData.getIssuerPolicy() == null) {
+ return;
+ }
+
+ this.servicePolicy = this.policyData.getIssuerPolicy();
+
+ RampartConfig rampartConfig = policyData.getRampartConfig();
+ if (rampartConfig != null) {
+ /*
+ * Copy crypto info into the new issuer policy
+ */
+ RampartConfig rc = new RampartConfig();
+ rc.setEncrCryptoConfig(rampartConfig.getEncrCryptoConfig());
+ rc.setSigCryptoConfig(rampartConfig.getSigCryptoConfig());
+ rc.setDecCryptoConfig(rampartConfig.getDecCryptoConfig());
+ rc.setUser(rampartConfig.getUser());
+ rc.setUserCertAlias(rc.getUserCertAlias());
+ rc.setEncryptionUser(rampartConfig.getEncryptionUser());
+ rc.setPwCbClass(rampartConfig.getPwCbClass());
+ rc.setSSLConfig(rampartConfig.getSSLConfig());
+
+ this.servicePolicy.addAssertion(rc);
+ }
+
+ List it = (List) this.servicePolicy.getAlternatives().next();
+
+ //Process policy and build policy data
+ try {
+ this.policyData = RampartPolicyBuilder.build(it);
+ } catch (WSSPolicyException e) {
+ throw new RampartException("errorInExtractingMsgProps", e);
+ }
+
+ }
+
/**
* @return Returns the document.
*/
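Review bot: In `setTrustParameters()` the line `rc.setUserCertAlias(rc.getUserCertAlias());` reads the alias from the freshly created `rc` rather than from the source configuration, so the user certificate alias is never copied into the issuer policy's RampartConfig. The line was carried over unchanged from the inline code this commit removes, and extracting the method is a good moment to correct it to `rc.setUserCertAlias(rampartConfig.getUserCertAlias());`. Every neighbouring setter already reads from `rampartConfig`. Token requests that rely on the alias to pick the signing certificate would otherwise fall back to whatever a new RampartConfig holds, presumably null.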
Modified: axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSSHandlerConstants.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSSHandlerConstants.java?rev=1073747&r1=1073746&r2=1073747&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSSHandlerConstants.java (original)
+++ axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSSHandlerConstants.java Wed Feb 23 14:00:54 2011
@@ -143,6 +143,8 @@ public class WSSHandlerConstants {
//TODO: Get these constants from the WS-Trust impl's constants
public final static String RST_ACTON_SCT = "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT";
public final static String RSTR_ACTON_SCT = "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT";
+ public final static String RST_ACTON_SCT_STANDARD = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT";
+ public final static String RSTR_ACTON_SCT_STANDARD = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT";
public final static String RSTR_ACTON_ISSUE = "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue";
public final static String TOK_TYPE_SCT = "http://schemas.xmlsoap.org/ws/2005/02/sc/sct";
Modified: axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java?rev=1073747&r1=1073746&r2=1073747&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java (original)
+++ axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java Wed Feb 23 14:00:54 2011
@@ -76,6 +76,9 @@ public class RampartPolicyBuilder {
for (Iterator iter = topLevelAssertions.iterator(); iter.hasNext();) {
Assertion assertion = (Assertion) iter.next();
if (assertion instanceof Binding) {
+
+ setWebServiceSecurityPolicyNS(assertion, rpd);
+
if (assertion instanceof SymmetricBinding) {
processSymmetricPolicyBinding((SymmetricBinding) assertion, rpd);
} else if(assertion instanceof AsymmetricBinding) {
@@ -102,6 +105,10 @@ public class RampartPolicyBuilder {
} else if (assertion instanceof ContentEncryptedElements) {
processContentEncryptedElements((ContentEncryptedElements) assertion, rpd);
}else if (assertion instanceof SupportingToken) {
+
+ //Set policy version. Cos a supporting token can appear along without a binding
+ setWebServiceSecurityPolicyNS(assertion, rpd);
+
processSupportingTokens((SupportingToken) assertion, rpd);
} else if (assertion instanceof Trust10) {
processTrust10((Trust10)assertion, rpd);
@@ -120,6 +127,18 @@ public class RampartPolicyBuilder {
return rpd;
}
+ /**
+ * Sets web service security policy version. The policy version is extracted from an assertion.
+ * But if namespace is already set this method will just return.
+ * @param assertion The assertion to get policy namespace.
+ */
+ private static void setWebServiceSecurityPolicyNS(Assertion assertion, RampartPolicyData policyData) {
+
+ if (policyData.getWebServiceSecurityPolicyNS() == null) {
+ policyData.setWebServiceSecurityPolicyNS(assertion.getName().getNamespaceURI());
+ }
+ }
+
/**
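Review bot: The Javadoc on `setWebServiceSecurityPolicyNS` documents only `assertion` and does not say that the first namespace seen wins. A policy that mixes assertions from two security-policy namespaces is accepted silently, and the first one decides the WS-Trust and WS-SecureConversation versions later on. Add `@param policyData the policy data that receives the namespace; left unchanged when a namespace is already set`, plus a sentence stating that later assertions with a different namespace are ignored. If mixed namespaces should be rejected, this method is the place to compare and fail.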
@@ -157,7 +176,7 @@ public class RampartPolicyBuilder {
/**
* Evaluate the symmetric policy binding data.
*
- * @param binding
+ * @param symmBinding
* The binding data
* @param rpd
* The WSS4J data to initialize
@@ -202,7 +221,7 @@ public class RampartPolicyBuilder {
/**
* Populate elements to sign and/or encrypt with the message tokens.
*
- * @param sep
+ * @param see
* The data describing the elements (XPath)
* @param rpd
* The WSS4J data to initialize
Modified: axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java?rev=1073747&r1=1073746&r2=1073747&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java (original)
+++ axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java Wed Feb 23 14:00:54 2011
@@ -62,6 +62,9 @@ public class RampartPolicyData {
private boolean signatureConfirmation;
+ //Policy namespace
+ private String webServiceSecurityPolicyNS = null;
+
/*
* Message tokens for symmetrical binding
*/
@@ -163,7 +166,17 @@ public class RampartPolicyData {
private Vector supportingPolicyData = new Vector();
private Vector supportingTokens = new Vector();
-
+
+
+
+ public String getWebServiceSecurityPolicyNS() {
+ return webServiceSecurityPolicyNS;
+ }
+
+ public void setWebServiceSecurityPolicyNS(String webServiceSecurityPolicyNS) {
+ this.webServiceSecurityPolicyNS = webServiceSecurityPolicyNS;
+ }
+
public Vector getSupportingPolicyData() {
return supportingPolicyData;
}
Modified: axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/pom.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/pom.xml?rev=1073747&r1=1073746&r2=1073747&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/pom.xml (original)
+++ axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/pom.xml Wed Feb 23 14:00:54 2011
@@ -268,6 +268,21 @@
<copy overwrite="yes" file="src/test/resources/rampart/services-sc-3.xml" tofile="target/temp-ramp/META-INF/services.xml" />
<jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC3.aar" basedir="target/temp-ramp" />
+ <!-- Service SC-4 This is with standard secure conversation specification -->
+ <copy overwrite="yes" file="src/test/resources/rampart/issuer.properties" tofile="target/temp-ramp/issuer.properties"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-sc-4.xml" tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC4.aar" basedir="target/temp-ramp"/>
+
+ <!-- Service SC-5 This is with standard secure conversation specification -->
+ <copy overwrite="yes" file="src/test/resources/rampart/issuer.properties" tofile="target/temp-ramp/issuer.properties"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-sc-5.xml" tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC5.aar" basedir="target/temp-ramp"/>
+
+ <!-- Service SC-6 This is with standard secure conversation specification -->
+ <copy overwrite="yes" file="src/test/resources/rampart/issuer.properties" tofile="target/temp-ramp/issuer.properties"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-sc-6.xml" tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC6.aar" basedir="target/temp-ramp"/>
+
<!--
Set up the infra for rahas tests and the rahas client repo
-->
Modified: axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java?rev=1073747&r1=1073746&r2=1073747&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java (original)
+++ axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java Wed Feb 23 14:00:54 2011
@@ -57,19 +57,26 @@ public class RampartTest extends TestCas
UtilServer.stop();
}
-
+ private ServiceClient getServiceClientInstance() throws AxisFault {
+
+ String repository = Constants.TESTING_PATH + "rampart_client_repo";
+
+ ConfigurationContext configContext = ConfigurationContextFactory.
+ createConfigurationContextFromFileSystem(repository, null);
+ ServiceClient serviceClient = new ServiceClient(configContext, null);
+
+
+ serviceClient.engageModule("addressing");
+ serviceClient.engageModule("rampart");
+
+ return serviceClient;
+
+ }
+
public void testWithPolicy() {
try {
- String repo = Constants.TESTING_PATH + "rampart_client_repo";
-
- ConfigurationContext configContext = ConfigurationContextFactory.
- createConfigurationContextFromFileSystem(repo, null);
- ServiceClient serviceClient = new ServiceClient(configContext, null);
-
-
- serviceClient.engageModule("addressing");
- serviceClient.engageModule("rampart");
+ ServiceClient serviceClient = getServiceClientInstance();
//TODO : figure this out !!
boolean basic256Supported = true;
@@ -171,9 +178,9 @@ public class RampartTest extends TestCas
}
- for (int i = 1; i <= 3; i++) { //<-The number of tests we have
+ for (int i = 1; i <= 6; i++) { //<-The number of tests we have
- if (i == 2 || i == 3) {
+ if (i == 3 || i == 6) {
continue; // Can't test Transport binding scenarios with Simple HTTP Server
}
@@ -181,6 +188,10 @@ public class RampartTest extends TestCas
System.out.println("Testing WS-SecConv: custom scenario " + i);
options.setAction("urn:echo");
options.setTo(new EndpointReference("http://127.0.0.1:" + PORT + "/axis2/services/SecureServiceSC" + i));
+
+ //Create a new service client instance for each secure conversation scenario
+ serviceClient = getServiceClientInstance();
+
serviceClient.getServiceContext().setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("/rampart/policy/sc-" + i + ".xml"));
serviceClient.setOptions(options);
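Review bot: The new `serviceClient = getServiceClientInstance();` overwrites the previous client on every iteration without releasing it, and each call also builds a fresh ConfigurationContext from the file system. The `cleanupTransport()` added in the next hunk is reached only when both `sendReceive` calls succeed, and it releases the transport only. Calling `serviceClient.cleanup();` before the reassignment, or in a `finally` around the loop body, would keep instances from one scenario from lingering into the next. The loop body starts and ends outside this hunk.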
@@ -196,6 +207,8 @@ public class RampartTest extends TestCas
serviceClient.sendReceive(getEchoElement());
options.setProperty(RampartMessageData.CANCEL_REQUEST, Constants.VALUE_TRUE);
serviceClient.sendReceive(getEchoElement());
+ serviceClient.cleanupTransport();
+
}
} catch (Exception e) {
Modified: axis/axis2/java/rampart/branches/1_6/modules/rampart-trust-mar/module.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-trust-mar/module.xml?rev=1073747&r1=1073746&r2=1073747&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/1_6/modules/rampart-trust-mar/module.xml (original)
+++ axis/axis2/java/rampart/branches/1_6/modules/rampart-trust-mar/module.xml Wed Feb 23 14:00:54 2011
@@ -2,12 +2,13 @@
<Description>This module is used to STS enable a service where it adds
the RequestSecurityToken operation to a service that the module is engaged to</Description>
- <supported-policy-namespaces namespaces="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
+ <supported-policy-namespaces namespaces="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy, http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
+"/>
<operation name="RequestSecurityToken" mep="http://www.w3.org/2006/01/wsdl/in-out">
<messageReceiver class="org.apache.rahas.STSMessageReceiver"/>
- <!-- Action mapping to accept SCT requests -->
+ <!-- Action mapping to accept SCT requests. For submissive version. -->
<actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</actionMapping>
<actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping>
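Review bot: The new `namespaces` attribute value is split across two lines, so the closing quote sits on its own line and the value ends with a line break after `.../ws-securitypolicy/200702`. XML attribute normalisation turns that into trailing whitespace, and the list separator is a comma followed by a space. Whether the module loader trims each entry is not visible here; if it does not, the 200702 namespace would fail to match and the module would not be applied to policies in that namespace. Keeping the value on one line with the quote directly after `200702` removes the doubt.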
@@ -16,12 +17,22 @@
<actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel</actionMapping>
<actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping>
+ <!-- Action mapping to accept SCT requests. For standard secure conversation version -->
+ <actionMapping>http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT</actionMapping>
+
+ <actionMapping>http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</actionMapping>
+ <actionMapping>http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew</actionMapping>
+ <actionMapping>http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel</actionMapping>
+ <actionMapping>http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT/Cancel</actionMapping>
+ <actionMapping>http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate</actionMapping>
+
<parameter name="token-dispatcher-configuration">
<token-dispatcher-configuration>
<!-- Issuers. You may have many issuers. -->
<issuer class="org.apache.rahas.impl.SCTIssuer" default="true">
<configuration type="parameter">sct-issuer-config</configuration>
<tokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</tokenType>
+ <tokenType>http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct</tokenType>
</issuer>
<issuer class="org.apache.rahas.impl.SAMLTokenIssuer">
<configuration type="parameter">saml-issuer-config</configuration>
Modified: axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java?rev=1073747&r1=1073746&r2=1073747&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java (original)
+++ axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java Wed Feb 23 14:00:54 2011
@@ -392,6 +392,22 @@ public class STSClient {
private Token processIssueResponse(int version, OMElement result,
String issuerAddress) throws TrustException {
OMElement rstr = result;
+
+ /**
+ * TODO :-
+ * There are 3 mechanisms to establish a security context token.
+ * They are,
+ * 1. Security context token created by a security token service
+ * 2. Security context token created by one of the communicating parties and propagated with a
+ * message
+ * 3. Security context token created through negotiation/exchanges
+ *
+ * As per now we are only supporting case 1. Therefore we always expect a
+ * wst:RequestSecurityTokenResponseCollection in the incoming message.
+ *
+ * This only applies when we use specification http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512
+ */
+
if (version == RahasConstants.VERSION_05_12) {
//The WS-SX result will be an RSTRC
rstr = result.getFirstElement();
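Review bot: The added comment says a wst:RequestSecurityTokenResponseCollection is always expected for the 200512 version, but nothing in the visible lines checks that before `rstr = result.getFirstElement();`. A response that is a bare RSTR, or an empty collection, would have its first child (or null) treated as the RSTR. Checking the local name and namespace of `result`, and that the first element is non-null, then failing with a TrustException, would make the documented assumption hold for data that comes from the remote STS. The comment is also written as `/** ... */` inside a method body; a plain `/* ... */` block is the usual form there. `processIssueResponse` continues outside the hunk.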
Modified: axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java?rev=1073747&r1=1073746&r2=1073747&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java (original)
+++ axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java Wed Feb 23 14:00:54 2011
@@ -106,9 +106,26 @@ public class SCTIssuer implements TokenI
SecurityContextToken sct =
new SecurityContextToken(this.getWSCVersion(data.getTokenType()), doc);
- OMElement rstrElem =
- TrustUtil.createRequestSecurityTokenResponseElement(wstVersion,
- env.getBody());
+ OMElement rstrElem;
+ if (wstVersion == RahasConstants.VERSION_05_12) {
+ /**
+ * If secure conversation version is http://docs.oasis-open.org/ws-sx/ws-trust/200512
+ * We have to wrap "request security token response" in a "request security token response
+ * collection".
+ * See WS-SecureConversation 1.3 spec's Section 3 - Establishing Security Contexts
+ * for more details.
+ */
+ OMElement requestedSecurityTokenResponseCollection = TrustUtil
+ .createRequestSecurityTokenResponseCollectionElement(wstVersion, env.getBody());
+ rstrElem =
+ TrustUtil.createRequestSecurityTokenResponseElement(wstVersion,
+ requestedSecurityTokenResponseCollection);
+ } else {
+ rstrElem =
+ TrustUtil.createRequestSecurityTokenResponseElement(wstVersion,
+ env.getBody());
+ }
+
OMElement rstElem =
TrustUtil.createRequestedSecurityTokenElement(wstVersion, rstrElem);